Generate a New Certificate Signing Request

Federation Manager Guide › Key and Certificate Management to Secure Federation Messages › Obtain a Key/Certificate Pair for Federated Transactions › Generate a New Certificate Signing Request

Generate a New Certificate Signing Request

A certificate signing request (CSR) is a message that you send to a Certificate Authority to apply for a identity certificate. Before you can generate a CSR, Federation Manager has to generate a key/certificate pair. The certificate is then placed in the CSR.

Generate a new request for an existing private key because:

You no longer have the original request that Federation Manager generated for the private key/self-signed certificate pair.
You need a new certificate for an expiring one, which requires a new copy of a CSR to submit to a Certificate Authority.

You can generate a new CSR for a self-signed or CA-signed private key/certificate pair. The private key always generates an identical CSR without modifying the existing private key.

Follow these steps:

From the Certs & Keys tab, select Certificate and Private Keys.
The Certificate and Private Key List displays.
Select Action, Generate CSR for the private key entry for which you want a new CSR.
A file that conforms to the PKCS #10 specification is generated and Federation Manager prompts you to save the CSR.
Click Save.
(Optional) If you require a CA-signed certificate, contact a Certificate Authority and follow the procedure the Certificate Authority requires for submitting a request. Use the PKCS#10 file you saved in the previous step for the request.

After you complete the certificate request process, the Certificate Authority issues a signed certificate response that you import into the certificate data store. Federation Manager replaces the existing certificate entry of the same alias with the newly imported certificate.